How to check the ACL of each object stored in S3

ぐ巨炮叔叔 submitted on 2019-12-25 01:45:00

Question


How to check the Access Control List (ACL) of each object stored in an S3 bucket of Amazon Web Services via the AWS SDK for .NET?

It is not only for the .NET SDK; it is applicable to all AWS SDKs, like the Node and Java SDKs, too.

In the code snippet below, I could not find the access level property of each object. If the access level permission is already known, I can inform the user early, before accessing objects for read/write/download operations.

    using System;
    using Amazon.S3;
    using Amazon.S3.Model;

    class Program
    {
        static void Main(string[] args)
        {
            string bucketName = "mytestbucket1234"; // Testing purpose only, not a real bucket
            using (IAmazonS3 s3client = new AmazonS3Client())
            {
                ListObjectsV2Request request = new ListObjectsV2Request() { BucketName = bucketName };
                var bucketItem = s3client.ListObjectsV2(request);
                foreach (var x in bucketItem.S3Objects)
                {
                    // Need to access the access level list permission here; the property is not available
                    Console.WriteLine(x.Key);
                    Console.WriteLine(x.ETag);
                }
            }
        }
    }

Answer 1:


That isn't currently possible. You have two options:

  1. Retrieve all the objects (up to 1000) using ListObjectsV2 and then call GetACL with the combination of BucketName and Key:

    using System;
    using Amazon;            // RegionEndpoint
    using Amazon.Runtime;    // BasicAWSCredentials
    using Amazon.S3;
    using Amazon.S3.Model;

    private static void ListACLs(BasicAWSCredentials credentials, RegionEndpoint regionEndpoint, string bucketName)
    {
        using (var client = new AmazonS3Client(credentials, regionEndpoint))
        {
            // A single ListObjectsV2 call returns at most 1000 keys.
            var s3Objects = client.ListObjectsV2(new ListObjectsV2Request
            {
                BucketName = bucketName
            }).S3Objects;

            foreach (var s3Object in s3Objects)
            {
                // One GetACL request per object key.
                var getAclRequest = new GetACLRequest
                {
                    BucketName = bucketName,
                    Key = s3Object.Key
                };

                var grants = client.GetACL(getAclRequest).AccessControlList.Grants;

                foreach (var s3Grant in grants)
                {
                    Console.WriteLine(s3Grant.Permission);
                }
            }
        }
    }
    
  2. Or if you already know the combination of BucketName and Key then you can skip the ListObjectsV2 call and just do a GetACL call:

    using System;
    using Amazon;            // RegionEndpoint
    using Amazon.Runtime;    // BasicAWSCredentials
    using Amazon.S3;
    using Amazon.S3.Model;

    private static void ListACLs(BasicAWSCredentials credentials, RegionEndpoint regionEndpoint, string bucketName, string key)
    {
        using (var client = new AmazonS3Client(credentials, regionEndpoint))
        {
            // The key is already known, so no listing call is needed.
            var getAclRequest = new GetACLRequest
            {
                BucketName = bucketName,
                Key = key
            };

            var grants = client.GetACL(getAclRequest).AccessControlList.Grants;

            foreach (var s3Grant in grants)
            {
                Console.WriteLine(s3Grant.Permission);
            }
        }
    }
    

Personally, I think if you are testing each object's ACL before retrieval then your model needs looking at. By default when you upload an object to S3 it is private. Also, when you try to retrieve a private object without the correct credentials, S3 will return HTTP Status 403 and an Access Denied message. I would investigate using that mechanism if you really need that feature.

Hope that helps!
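
As an added example (not part of the original answer), the sketch below extends option 1 into an audit of a bucket you own: it follows the continuation token past the first 1000 keys, flags grants made to the predefined public groups, and records a 403 on the ACL read instead of aborting. It assumes the same SDK generation as the answer (where `GetACLRequest` exists) and its async methods; the class and method names `AclAudit`, `PublicGrants` and `ReportAsync` are hypothetical.

```csharp
// Usage (assumed default credentials): await AclAudit.ReportAsync(new AmazonS3Client(), "mytestbucket1234");
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Threading.Tasks;
using Amazon.S3;
using Amazon.S3.Model;

public static class AclAudit
{
    // Predefined S3 group grantees: a grant to either one exposes the object beyond named accounts.
    private static readonly HashSet<string> PublicGroups = new HashSet<string>
    {
        "http://acs.amazonaws.com/groups/global/AllUsers",
        "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
    };

    // Pure filter over one ACL's grants, so it can be unit-tested without calling AWS.
    public static List<S3Grant> PublicGrants(IEnumerable<S3Grant> grants) =>
        grants.Where(g => g.Grantee?.URI != null && PublicGroups.Contains(g.Grantee.URI)).ToList();

    public static async Task ReportAsync(IAmazonS3 client, string bucketName)
    {
        var request = new ListObjectsV2Request { BucketName = bucketName };
        ListObjectsV2Response page;
        do
        {
            page = await client.ListObjectsV2Async(request); // at most 1000 keys per page
            foreach (var obj in page.S3Objects)
            {
                try
                {
                    var acl = await client.GetACLAsync(
                        new GetACLRequest { BucketName = bucketName, Key = obj.Key });
                    foreach (var g in PublicGrants(acl.AccessControlList.Grants))
                        Console.WriteLine($"PUBLIC  {obj.Key}  {g.Permission}  {g.Grantee.URI}");
                }
                catch (AmazonS3Exception e) when (e.StatusCode == HttpStatusCode.Forbidden)
                {
                    // The caller is not allowed to read this object's ACL: note it and continue.
                    Console.WriteLine($"DENIED  {obj.Key}");
                }
            }
            request.ContinuationToken = page.NextContinuationToken; // next page, if any
        } while (page.IsTruncated);
    }
}
```

An object ACL is only one source of access: bucket policies and IAM policies can also grant or deny it, so a clean ACL report does not by itself show that an object is private.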



Source: https://stackoverflow.com/questions/49182962/how-to-check-acl-of-the-each-object-in-stored-in-s3
